{"id":196,"date":"2019-11-13T22:48:58","date_gmt":"2019-11-13T22:48:58","guid":{"rendered":"http:\/\/efgintelligence.com\/powersportsswitchback\/?p=196"},"modified":"2019-11-13T22:50:12","modified_gmt":"2019-11-13T22:50:12","slug":"what-is-a-ciso","status":"publish","type":"post","link":"https:\/\/efgintelligence.com\/powersportsswitchback\/2019\/11\/13\/what-is-a-ciso\/","title":{"rendered":"What IS a CISO?"},"content":{"rendered":"<figure id=\"attachment_174\" aria-describedby=\"caption-attachment-174\" style=\"width: 240px\" class=\"wp-caption alignright\"><figcaption id=\"caption-attachment-174\" class=\"wp-caption-text\">Contributing Author:<br \/>Maurice Hamilton<br \/>Vice President<br \/>EFG Companies<\/figcaption><\/figure>\n<p>If you\u2019re in the powersports business, you\u2019re used to dealing with regulations and compliance issues. It\u2019s simply part of doing business. However, when a new regulation comes down, it\u2019s all too easy to balk at the potential increase in cost, in both money and time, needed to implement it. Right now, <strong>there is a lot of talk about updating the Safeguards Rule, and the potential business impact.<\/strong><\/p>\n<p>Let\u2019s step back and look at the regulation.
As part of the Gramm-Leach-Bliley Act, the <strong>Safeguards Rule was designed to protect the security, confidentiality, and integrity of customer information.<\/strong><\/p>\n<blockquote><p><strong>16 CFR Part 314 Rule Summary: <\/strong><\/p>\n<p><em>The Safeguards Rule requires financial institutions under FTC jurisdiction to have measures in place to keep customer information secure. In addition to developing their own safeguards, companies covered by the Rule are responsible for taking steps to ensure that their affiliates and service providers safeguard customer information in their care.<\/em><\/p><\/blockquote>\n<p>While it is in the inherent best interest of a powersports dealership and its partners to protect and secure customer data, a new wrinkle was recently added that has many in retail automotive scratching their heads. The April 4<sup>th<\/sup> issue of the <em>Federal Register<\/em> contained an update to the Federal Trade Commission\u2019s <em>Notice of Proposed Rulemaking<\/em> concerning the Safeguards Rule. This issue included several additional requirements that will impact dealerships. <strong>One of the most pervasive is the requirement for a Chief Information Security Officer (CISO), which begs the question \u2013 what the heck is a CISO and where do you find one?<\/strong><\/p>\n<h3>CISO<\/h3>\n<p><strong>A CISO oversees the continuous monitoring or periodic penetration testing and vulnerability assessments of the dealership\u2019s network security system.<\/strong> Whether managing this internally or through outsourcing, the effort to achieve a robust and continuous network monitoring program is directly tied to the number of networked devices in your IT environment. Count all your computers that are set up on your dealership\u2019s network. Now, count the printers, faxes, tablets, cell phones, etc. That number can add up fairly quickly.<\/p>\n<p>Here\u2019s the good news.
The FTC Notice indicates that <strong>a dealership can appoint an employee to serve as the CISO, or an outside provider can be tapped,<\/strong> and there are already excellent players in the field of IT security. If you work with an OEM, start by reaching out to them to see what resources they have available for you. Check with your website provider for references. You can also speak with your F&amp;I product administrator for advice and references on where to go.<\/p>\n<p>When deciding whether to keep the CISO function in-house or to outsource, <strong>consider the functions the CISO must handle, including:<\/strong><\/p>\n<ul>\n<li>Access controls on information systems<\/li>\n<li>Identification and management of the data<\/li>\n<li>Restricting access at physical locations<\/li>\n<li>Protecting by encryption all customer information<\/li>\n<li>Adopting secure development<\/li>\n<li>Implementing multifactor authentication<\/li>\n<\/ul>\n<p>The baseline to all of this is to <strong>keep applying the processes and procedures you already have in place<\/strong> to secure customer data and stay compliant. The changes will not come overnight. But if your dealership security is already in good working order, then this new wrinkle becomes just another business decision.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>If you\u2019re in the powersports business, you\u2019re used to dealing with regulations and compliance issues. It\u2019s simply part of doing business. 
However, sometimes when a new regulation comes down, it\u2019s [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"jetpack_post_was_ever_published":false,"footnotes":""},"categories":[71],"tags":[],"class_list":["post-196","post","type-post","status-publish","format-standard","hentry","category-data-security"],"aioseo_notices":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p7NG7I-3a","jetpack-related-posts":[],"_links":{"self":[{"href":"https:\/\/efgintelligence.com\/powersportsswitchback\/wp-json\/wp\/v2\/posts\/196","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/efgintelligence.com\/powersportsswitchback\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/efgintelligence.com\/powersportsswitchback\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/efgintelligence.com\/powersportsswitchback\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/efgintelligence.com\/powersportsswitchback\/wp-json\/wp\/v2\/comments?post=196"}],"version-history":[{"count":2,"href":"https:\/\/efgintelligence.com\/powersportsswitchback\/wp-json\/wp\/v2\/posts\/196\/revisions"}],"predecessor-version":[{"id":198,"href":"https:\/\/efgintelligence.com\/powersportsswitchback\/wp-json\/wp\/v2\/posts\/196\/revisions\/198"}],"wp:attachment":[{"href":"https:\/\/efgintelligence.com\/powersportsswitchback\/wp-json\/wp\/v2\/media?parent=196"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/efgintelligence.com\/powersportsswitchback\/wp-json\/wp\/v2\/categories?post=196"},{"taxonomy":"post_
tag","embeddable":true,"href":"https:\/\/efgintelligence.com\/powersportsswitchback\/wp-json\/wp\/v2\/tags?post=196"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}